What you need to know
- 17 apps have been removed from the App Store.
- The iPhone apps were found to contain malware.
- The apps covered a wide range of categories.
Apple has confirmed that it has removed as many as 17 apps from the App Store after it was found that they contained malware. Those apps all went through the App Store review process with no issues identified at the time.
Instead, the apps were found by mobile security firm Wandera (via ZDNet). All of the apps functioned as they said they would but also had malware running in the background.
The clicker trojan module discovered in this group of applications is designed to carry out ad fraud-related tasks in the background, such as continuously opening web pages or clicking links without any user interaction.
The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network.
Even though no data or financial theft took place, users would have been impacted by the trojan. People with these apps installed might have noticed their iPhone battery draining more quickly than usual. Or it might simply have performed more slowly than expected.
Worryingly, Wandera says that the apps didn't contain the maliscious code but rather received it via a request to a web server. That means there was no way for Apple's App Store review process to spot the malware until the apps were already available. That, in theory, means this could happen again.
The apps communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue...
Command & Control enables bad apps to bypass security checks because it activates a communication channel directly with the attacker that is not within Apple's view. C&C channels can be used to distribute ads (like the ones used by the iOS Clicker Trojan), commands, and even payloads (such as a corrupt image file, a document or more). Simply put, C&C infrastructure is a 'backdoor' into the app which can lead to exploitation if and when a vulnerability is discovered or when the attacker chooses to activate additional code that may be hidden in the original app.
All of the affected apps were from AppAspect Technologies. Those apps were:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
If you have any of those installed we'd suggest removing them ASAP.
Apple's 'Spring Loaded' event had something for everyone
Apple's Spring Loaded event had a ton of announcements. Some made me really excited, some made me scratch my head, and some made me shrug my shoulders. Here's my reaction to all the new products and services!
Apple supplier hit by $50 million ransomware attack, MacBook designs leaked
Apple supplier Quanta has reportedly been hit by a ransomware attack, with a hacking group demanding $50 million and posting MacBook schematics online.
Carriers offering 5G iPad Pro subsidies up to $200
Apple has stated that carriers will offer buyers subsidies of up to $200 toward the purchase of an iPad Pro with 5G through certain carriers.
How will you attach your AirTag to the item you wish to track?
Apple's AirTag doesn't have any hooks or adhesive for attaching to your precious items. Luckily there are plenty of accessories for that purpose, both from Apple and third parties.